 |
| Register | Login | |||||
 |
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
|
| | ||
|
| Register | Login | |||||
|
Main
| Memberlist
| Active users
| ACS
| Commons
| Calendar
| Online users Ranks | FAQ | Color Chart | Photo album | IRC Chat |
|
| | ||
| Acmlm's Board - I2 Archive - - Posts by labmaster |
| Pages: 1 2 3 |
| User | Post | ||
labmaster Blue Octorok Level: 12 Posts: 1/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| I'm not sure about offsets, but there have been a lot of codes done for the game (modifying levels, enemies etc...), especially at GSCentral. Not sure if they modify the ROM or RAM region, but I'm sure the guys over there will help out if he asks nicely. | |||
|
labmaster Blue Octorok Level: 12 Posts: 2/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| Golden Sun TLA (and I'd assume the first one as well) - uses a very interesting system that I never fully reversed (the reason why I got into it was I was trying to rip out enemy names), if I can find my notes on the game I'll post them here. | |||
|
labmaster Blue Octorok Level: 12 Posts: 3/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| Haven't found it yet - it may not even be on this comp - still looking... Anyway this is basically what I did - the start of the enemy datablock (RAM) contains the name of the enemy in ASCII. I was able to breakpoint those addresses and trace back - I managed to get as far as what appeared to be 'pointers'. The problem was, they weren't pointers in the traditional sense (they told the game, somehow, where to look) - the text didn't seem to be any particular order either, with the various languages jumbled together. The actual storage of the text itself could quite possibly be a form of compression - it's nothing I've seen before. I guess it was the giant loops that put me off going any further. Just on a side - for anyone looking for some practice on dictionary compression, the latest Who Wants to be a Millionaire game would be a great target, I was thinking of writing a question editor for that, but some other things came up. |
|||
|
labmaster Blue Octorok Level: 12 Posts: 4/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| Finding joypad read routines should be a doozey - the simplest way would be to use ARCrypt or GBATool to generate a master code using the Pad method - take the hook address and there you go. | |||
|
labmaster Blue Octorok Level: 12 Posts: 5/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| I use a modified version of VBA - VisualBoy Advance for Hackers - the windows version has a very simple ASCII search hacked into the memory viewer. As for tracing, it was basically just using breakpoints and dumping large amounts of ASM traces. I just took a look at the first game - the first enemy starts at 02030878, for The Lost Age, it's 020308c8. edit: I couldn't find my old work, so I've started again from scratch. Below is what I have so far. First enemy name is stored as ASCII at 02030878 Breakpoint on Write: Breakpoint (on write) address 02030878 old:00 new:54 R00=03007d94 R04=03007d94 R08=00000009 R12=0002f7c0 R01=02030878 R05=00000001 R09=00000080 R13=03007d90 R02=00000000 R06=02030878 R10=080c71c3 R14=08019787 R03=00000054 R07=08082908 R11=00000058 R15=0807951c CPSR=0000003f (......T Mode: 1f) 0807951a 3202 add r2, #0x2 debugger> The text is being copied from IWRAM 03007d94 using this routine: 08079514 5a13 ldsb r3, [r2, r0] 08079516 3501 add r5, #0x1 08079518 700b strb r3, [r1, #0x0] <--the store 0807951a 3202 add r2, #0x2 <--increment source by 2 (source text looks to be utf-16) 0807951c 3101 add r1, #0x1 <--increment destination by 1 0807951e 2d0d cmp r5, #0xd <--if count > 13 (13=max length of name) 08079520 dc02 bgt $08079528<--end of block 08079522 5b13 ldsb r3, [r2, r4] 08079524 2b00 cmp r3, #0x0 08079526 d1f5 bne $08079514 Using db to skip a crap load of stack breaks: Breakpoint (on write) address 03007d94 old:15fa new:0054 R00=00000054 R04=080374c0 R08=0300207c R12=00000160 R01=00000054 R05=03007d68 R09=0000ffff R13=03007d68 R02=08039b5c R06=03007d94 R10=00000000 R14=08019777 R03=0038c187 R07=0000000e R11=00000058 R15=08019770 CPSR=2000003f (..C...T Mode: 1f) 0801976e 3602 add r6, #0x2 debugger> We'll concentrate on the generation of the second letter. An ARM routine at 0300207c is called via bl 08007304 with the destination vector in r8. This bl is a standard bx r8 function call, and should not be used in traces. R00=03007d68 R04=080374c0 R08=0300207c R12=00000160 R01=00000054 R05=03007d68 R09=0000ffff R13=03007d68 R02=08039b5c R06=03007d96 R10=00000000 R14=08019777 R03=0038c187 R07=0000000e R11=00000058 R15=08019774 CPSR=2000003f (......T Mode: 1f) 08019772 f7ed bl $08007304 Following thumb registers are trashed immediately without saving: r1,r2,r3,r4 r5 and r6 are pushed at the start and popped off at the end, data is not used. Reasonable to assume that r0 is sole parameter? r0 points to 3 words on the stack. some sample word combos (looping through letter of name): 0, 08039b5c,01c60c3e (1110001100000110000111110) 54,08039b5c,0038c187 (1110001100000110000111) 68,08039b5c,001c60c3 (111000110000011000011) 75,08039b5c,000038c1 (11100011000001) 6e,08039b5c,0000038c (1110001100) 64,08039b5c,00000071 (1110001) 65,08039b5c,0000000e (1110) 72,08039b5c,00000001 (1) I see a pattern  editing the data structure before going through the loop results in 'TTTTTTThunder ' instead of 'Thunder Lizard' Below is the entire function: 0300207c e92d0060 stmfd sp!, {r5,r6} 03002080 e890000e ldmia r0, {r1-r3} 03002084 e59fc12c ldr r12, [$030021b8] (=$0803842c) 03002088 e1a04421 mov r4, r1, lsr #0x08 0300208c e08cc184 add r12, r12, r4, lsl #0x03 03002090 e89c0030 ldmia r12, {r4,r5} 03002094 e201c0ff and r12, r1, #0xff 03002098 e08cc00c add r12, r12, r12 0300209c e19550bc ldrh r5, [r5, r12] 030020a0 e0844005 add r4, r4, r5 030020a4 e1a05004 mov r5, r4 030020a8 e3a0c001 mov r12, #0x1 030020ac e2146003 ands r6, r4, #0x3 030020b0 0a000005 beq $030020cc 030020b4 e07c6186 rsbs r6, r12, r6, lsl #0x03 030020b8 e3c44003 bic r4, r4, #0x3 030020bc e494c004 ldr r12, [r4], #0x4 030020c0 e1a0c06c mov r12, r12, rrx 030020c4 e1a0c63c mov r12, r12, lsr r6 030020c8 e3a06000 mov r6, #0x0 030020cc e1b0c0ac movs r12, r12, lsr #0x01 030020d0 0494c004 ldreq r12, [r4], #0x4 030020d4 01b0c06c moveqs r12, r12, rrx 030020d8 2a000029 bcs $03002184 030020dc e1b030a3 movs r3, r3, lsr #0x01 030020e0 3afffff9 bcc $030020cc 030020e4 04923004 ldreq r3, [r2], #0x4 030020e8 01b03063 moveqs r3, r3, rrx 030020ec 3afffff6 bcc $030020cc 030020f0 e3a01000 mov r1, #0x0 030020f4 e1b0c0ac movs r12, r12, lsr #0x01 030020f8 2a000017 bcs $0300215c 030020fc e1b0c0ac movs r12, r12, lsr #0x01 03002100 2a000006 bcs $03002120 03002104 e1b0c0ac movs r12, r12, lsr #0x01 03002108 2a000003 bcs $0300211c 0300210c e1b0c0ac movs r12, r12, lsr #0x01 03002110 2a000009 bcs $0300213c 03002114 e2811004 add r1, r1, #0x4 03002114 e2811004 add r1, r1, #0x4 03002118 eafffff5 b $030020f4 0300211c e2811001 add r1, r1, #0x1 03002120 12866001 addne r6, r6, #0x1 03002124 1afffff2 bne $030020f4 03002128 e494c004 ldr r12, [r4], #0x4 0300212c e1b0c06c movs r12, r12, rrx 03002130 32811002 addcc r1, r1, #0x2 03002134 22866001 addcs r6, r6, #0x1 03002138 eaffffed b $030020f4 0300213c e2811002 add r1, r1, #0x2 03002140 12866001 addne r6, r6, #0x1 03002144 1affffea bne $030020f4 03002148 e494c004 ldr r12, [r4], #0x4 0300214c e1b0c06c movs r12, r12, rrx 03002150 32811002 addcc r1, r1, #0x2 03002154 22866001 addcs r6, r6, #0x1 03002158 eaffffe5 b $030020f4 0300215c 0a000003 beq $03002170 03002160 e2866001 add r6, r6, #0x1 03002160 e2866001 add r6, r6, #0x1 03002164 e2511001 subs r1, r1, #0x1 03002168 aaffffe1 bge $030020f4 0300216c eaffffd6 b $030020cc 03002170 e494c004 ldr r12, [r4], #0x4 03002174 e1b0c06c movs r12, r12, rrx 03002178 2afffff8 bcs $03002160 0300217c e2811001 add r1, r1, #0x1 03002180 eaffffdb b $030020f4 03002184 e1b010a6 movs r1, r6, lsr #0x01 03002188 e0866001 add r6, r6, r1 0300218c e0456006 sub r6, r5, r6 03002190 e5565001 ldrb r5, [r6, -#0x1] 03002194 e5566002 ldrb r6, [r6, -#0x2] 03002198 2205100f andcs r1, r5, #0xf 0300219c 21861401 orrcs r1, r6, r1, lsl #0x08 030021a0 31a01205 movcc r1, r5, lsl #0x04 030021a4 31811226 orrcc r1, r1, r6, lsr #0x04 030021a8 e880000e stmia r0, {r1-r3} 030021ac e1b00001 movs r0, r1 030021b0 e8bd0060 ldmfd sp!, {r5,r6} 030021b4 e12fff1e bx lr <---end of routine I hope (edited by labmaster on 12-04-04 12:13 AM) |
|||
|
labmaster Blue Octorok Level: 12 Posts: 6/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| Goldwave supports MP3's (you'll need LAME to save) and OGGs - unfortunately, it's shareware. | |||
|
labmaster Blue Octorok Level: 12 Posts: 7/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| Try http://tinyurl.com/3j4kx . There'll be a reasonable amount of duds you'll have to sift through, but hopefully you'll get somewhere. At the moment, I have a site hosted at www.4gigs.com (free, comes with 3 db's plesk/cpanel, and virtually unmetered bw) - though I noticed they took down the hosting info on their main site... | |||
|
labmaster Blue Octorok Level: 12 Posts: 8/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| Just to get things straight - the gallery is simply based on putting files into directories - not adding any info in a file or DB? Showing the filenames should be easy - you'll have them when you open the files, so you can grep those out. To get the 'last modified' time of a file, use filectime (I'm getting this out of my CHM version of the PHP Manual, I suggest you grab a copy if you haven't already). |
|||
|
labmaster Blue Octorok Level: 12 Posts: 9/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| Are you familiar with Regular Expressions? If not, it'd be worth reading up on them. ereg_replace (POSIX style) and preg_replace (Perl style) should be able to do what you want - if need be, you may need to use them alongside their splitting counterparts (?reg_split). |
|||
|
labmaster Blue Octorok Level: 12 Posts: 10/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| Instead of Round(nValue / ((nMax - nMin) / NumDots)) try Round( NumDots * nValue/(nMax-nMin)). I don't really see why both of them shouldn't work though, since even though ((nMax-nMin)/NumDots) is < 1, dividing nValue by that should give a number larger than nValue. |
|||
|
labmaster Blue Octorok Level: 12 Posts: 11/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| Can the script be on the same server as the text file? If it can, then it's easy - you can use your basic file I/O functions, or else you'll have to go the FTP route. | |||
|
labmaster Blue Octorok Level: 12 Posts: 12/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| http://www.codingforums.com/showthread.php?t=48405 ^^ hopefully that's your problem. Which version of PHP are you running? |
|||
|
labmaster Blue Octorok Level: 12 Posts: 13/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| One way to have your maps externally is simply to have the values in a binary file, that you can parse with QB's file I/O functions - the same goes for tiles as well. | |||
|
labmaster Blue Octorok Level: 12 Posts: 14/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| MinGW is basically the whole shebang for Windows. Personally, I use MSVC (I started out with Dev-C++) - there's only one really annoying bug that causes it to crash when building a project (it's quite rare though) - it's very easy to use once you get used to it. |
|||
|
labmaster Blue Octorok Level: 12 Posts: 15/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| If it's games with sources you're after, there's a heap at gbadev - http://www.gbadev.org/demos.php | |||
|
labmaster Blue Octorok Level: 12 Posts: 16/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| Okay, here's the scenario. I have a program called A.exe. I want A.exe to be able to run B.exe (a command line program), and capture its output, storing it into a buffer. Is this possible with C/++, and if so, would I do it (I know it can be done with some scripting languages like perl). Note: Names have been changed to protect their identity. |
|||
|
labmaster Blue Octorok Level: 12 Posts: 17/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| Yeah, that's what I've got at the moment (slightly less pretty, it creates a temporary batch file and winexec's it), I was hoping there was a better way of doing it, but I can live with that. | |||
|
labmaster Blue Octorok Level: 12 Posts: 18/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| Awesome - thanks Para. | |||
|
labmaster Blue Octorok Level: 12 Posts: 19/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| I've been doing some work with games developed by Griptonite, and it turns out, most of their GBA games use the same method of storing text. I'm not sure how useful this is, since their range of games isn't all that hack-worthy (http://www.griptonite.com/what.asp), but I thought I'd post this here anyway to see if anyone's interested. I also wrote a quicky program to extract all of the text strings in HP  OA, you can see the output at http://labmaster.4gigs.com/output_hppoa.txt. I might release the source later, I'm not inclined to at the moment because my skills at turning assembly code into fluid C are still developing... well actually, they're pretty much non existant, at the moment.(edited by labmaster on 01-26-05 01:19 AM) |
|||
|
labmaster Blue Octorok Level: 12 Posts: 20/43 EXP: 6135 For next: 1786 Since: 07-17-04 From: New Zealand! Since last post: 10 days Last activity: 2 min. |
| ||
| There are only 10 types of people in this world. Those who understand binary, and those who don't. A bit is one 'digit' in binary, with either an on (1) or off (0) state. The hex value 6D, is 01101101 in binary. Each of the '1's and '0's are bits. meh, I suck at explaining this sort of stuff. (edited by labmaster on 01-27-05 02:00 AM) |
| Pages: 1 2 3 |
| Acmlm's Board - I2 Archive - - Posts by labmaster |
